* [PATCH net-next] tcp: fix out-of-bounds access in ULP sysctl
@ 2017-06-23  1:57 Jakub Kicinski
  2017-06-23 18:10 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Jakub Kicinski @ 2017-06-23  1:57 UTC (permalink / raw)
  To: netdev; +Cc: Boris Pismenny, Dave Watson, oss-drivers, Jakub Kicinski

KASAN reports out-of-bound access in proc_dostring() coming from
proc_tcp_available_ulp() because in case TCP ULP list is empty
the buffer allocated for the response will not have anything
printed into it.  Set the first byte to zero to avoid strlen()
going out-of-bounds.

Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
---
 net/ipv4/tcp_ulp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index e855ea70819b..2417f55374c5 100644
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -88,6 +88,7 @@ void tcp_get_available_ulp(char *buf, size_t maxlen)
 	struct tcp_ulp_ops *ulp_ops;
 	size_t offs = 0;
 
+	*buf = '\0';
 	rcu_read_lock();
 	list_for_each_entry_rcu(ulp_ops, &tcp_ulp_list, list) {
 		offs += snprintf(buf + offs, maxlen - offs,
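Review bot: the added `*buf = '\0';` at the top of tcp_get_available_ulp() is unconditional, so it assumes every caller passes maxlen >= 1; with maxlen == 0 the store itself would be a one-byte out-of-bounds write. Either guard it (for example `if (maxlen) *buf = '\0';`) or document in a comment above the function that buf must hold at least one byte. A one-line comment next to the store saying it covers the empty tcp_ulp_list case would also help, since nothing in the code explains why the terminator is needed before the loop. Separately, in the unchanged context, `offs += snprintf(buf + offs, maxlen - offs,` accumulates snprintf's return value, which in the kernel is the length that would have been written; if the output is ever truncated, offs can exceed maxlen and the size_t expression `maxlen - offs` wraps on the next iteration. scnprintf() would keep offs bounded by maxlen.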
-- 
2.11.0


* Re: [PATCH net-next] tcp: fix out-of-bounds access in ULP sysctl
  2017-06-23  1:57 [PATCH net-next] tcp: fix out-of-bounds access in ULP sysctl Jakub Kicinski
@ 2017-06-23 18:10 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2017-06-23 18:10 UTC (permalink / raw)
  To: jakub.kicinski; +Cc: netdev, borisp, davejwatson, oss-drivers

From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Thu, 22 Jun 2017 18:57:55 -0700

> KASAN reports out-of-bound access in proc_dostring() coming from
> proc_tcp_available_ulp() because in case TCP ULP list is empty
> the buffer allocated for the response will not have anything
> printed into it.  Set the first byte to zero to avoid strlen()
> going out-of-bounds.
> 
> Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>

Applied, thanks.
